[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sequence Number

To: Jackie Wilson <jhwilson@austin.ibm.com>
Subject: Re: Sequence Number
From: Steve Kent <kent@po1.bbn.com>
Date: Tue, 13 Apr 1999 16:58:53 -0400
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com


Jackie,

>I thought using the transforms ESP_EDS_IV64 and ESP_DES_IV32 could be used to
>provide backward compatibility to the old headers.  Did I misunderstand this?

I'll leave it to others to comment on what these IKE transforms may be
intended for.  Note, however, that the old versions of ESP and AH, with
different formats and processing rules, have been replaced by the formats
and processing specified in 2401, 2402, and 2405.  Since the same protocol
IDs are used for the old and new versions of AH and ESP, and since IPsec
compliance does not require use of IKE,  e.g.,to negotiate what version
might be employed, it seems clear that a compliant IPsec implementation
MUST follow the new, not old, AH and ESP specifications.

Steve

Prev by Date: Re: mode (tunnel/transport) in PF_Key
Next by Date: Standard symbol for security gateway (IPSec)
Prev by thread: Re: Sequence Number
Next by thread: New mailing list for the May interop event
Index(es):
- Main
- Thread